On Thu, 03 Apr 2008 04:12:27 -0700 David Schwartz <[EMAIL PROTECTED]> wrote:
> He would face a chicken and egg problem. To make a signed executable > to set his key to be accepted, he would need his key to already be > accepted. Uhm, if the attacker managed to get a hole in the sustem and get in, he / she will surely manage to get the necessary tools (a signed binrary) onto the system. As an added bonus, this is a binary he created himself, so it works with his key. > However, I agree that this is kind of pointless. It's like adding > extra locks to the back door when the front door is just as open. > Once someone gets root, odds are they can exploit an executable -- > even if it's signed -- using the same process they used to get root > in the first place. Exactly. PLease use the tools that are already available (securelevel in this case) before thinking up new ones that FreeBSD might or might not "need". Just my 0.2 eurocents. -- Regards, Torfinn Ingolfsen _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]"
